Linux Add Files In Known Crontab Directories | Cron | Anomaly |
Linux Add User Account | Local Account | Hunting |
Linux Adding Crontab Using List Parameter | Cron | Hunting |
Linux apt-get Privilege Escalation | Sudo and Sudo Caching | Anomaly |
Linux APT Privilege Escalation | Sudo and Sudo Caching | Anomaly |
Linux At Allow Config File Creation | Cron | Anomaly |
Linux At Application Execution | At | Anomaly |
Linux Auditd Add User Account | Local Account | Anomaly |
Linux Auditd Add User Account Type | Local Account | Anomaly |
Linux Auditd At Application Execution | At | Anomaly |
Linux Auditd Auditd Service Stop | Service Stop | Anomaly |
Linux Auditd Base64 Decode Files | Deobfuscate/Decode Files or Information | Anomaly |
Linux Auditd Change File Owner To Root | Linux and Mac File and Directory Permissions Modification | Anomaly |
Linux Auditd Data Transfer Size Limits Via Split | Data Transfer Size Limits | Anomaly |
Linux Auditd Data Transfer Size Limits Via Split Syscall | Data Transfer Size Limits | Anomaly |
Linux Auditd Database File And Directory Discovery | File and Directory Discovery | Anomaly |
Linux Auditd Disable Or Modify System Firewall | Disable or Modify System Firewall | Anomaly |
Linux Auditd Doas Conf File Creation | Sudo and Sudo Caching | TTP |
Linux Auditd Doas Tool Execution | Sudo and Sudo Caching | Anomaly |
Linux Auditd Edit Cron Table Parameter | Cron | Anomaly |
Linux Auditd File And Directory Discovery | File and Directory Discovery | Anomaly |
Linux Auditd File Permission Modification Via Chmod | Linux and Mac File and Directory Permissions Modification | Anomaly |
Linux Auditd File Permissions Modification Via Chattr | Linux and Mac File and Directory Permissions Modification | Anomaly |
Linux Auditd Find Credentials From Password Managers | Password Managers | TTP |
Linux Auditd Find Credentials From Password Stores | Password Managers | TTP |
Linux Auditd Find Ssh Private Keys | Private Keys | Anomaly |
Linux Auditd Hidden Files And Directories Creation | File and Directory Discovery | Anomaly |
Linux Auditd Insert Kernel Module Using Insmod Utility | Kernel Modules and Extensions | Anomaly |
Linux Auditd Install Kernel Module Using Modprobe Utility | Kernel Modules and Extensions | Anomaly |
Linux Auditd Kernel Module Using Rmmod Utility | Kernel Modules and Extensions | TTP |
Linux Auditd Nopasswd Entry In Sudoers File | Sudo and Sudo Caching | Anomaly |
Linux Auditd Osquery Service Stop | Service Stop | Anomaly |
Linux Auditd Possible Access Or Modification Of Sshd Config File | SSH Authorized Keys | Anomaly |
Linux Auditd Possible Access To Credential Files | /etc/passwd and /etc/shadow | Anomaly |
Linux Auditd Possible Access To Sudoers File | Sudo and Sudo Caching | Anomaly |
Linux Auditd Possible Append Cronjob Entry On Existing Cronjob File | Cron | Hunting |
Linux Auditd Preload Hijack Library Calls | Dynamic Linker Hijacking | TTP |
Linux Auditd Preload Hijack Via Preload File | Dynamic Linker Hijacking | TTP |
Linux Auditd Private Keys and Certificate Enumeration | Private Keys | Anomaly |
Linux Auditd Service Restarted | Systemd Timers | Anomaly |
Linux Auditd Service Started | Service Execution | Anomaly |
Linux Auditd Setuid Using Chmod Utility | Setuid and Setgid | Anomaly |
Linux Auditd Setuid Using Setcap Utility | Setuid and Setgid | TTP |
Linux Auditd Shred Overwrite Command | Data Destruction | TTP |
Linux Auditd Sudo Or Su Execution | Sudo and Sudo Caching | Anomaly |
Linux Auditd Sysmon Service Stop | Service Stop | Anomaly |
Linux Auditd System Network Configuration Discovery | System Network Configuration Discovery | Anomaly |
Linux Auditd Unix Shell Configuration Modification | Unix Shell Configuration Modification | TTP |
Linux Auditd Unload Module Via Modprobe | Kernel Modules and Extensions | TTP |
Linux Auditd Virtual Disk File And Directory Discovery | File and Directory Discovery | Anomaly |
Linux Auditd Whoami User Discovery | System Owner/User Discovery | Anomaly |
Linux AWK Privilege Escalation | Sudo and Sudo Caching | Anomaly |
Linux Busybox Privilege Escalation | Sudo and Sudo Caching | Anomaly |
Linux c89 Privilege Escalation | Sudo and Sudo Caching | Anomaly |
Linux c99 Privilege Escalation | Sudo and Sudo Caching | Anomaly |
Linux Change File Owner To Root | Linux and Mac File and Directory Permissions Modification | Anomaly |
Linux Common Process For Elevation Control | Setuid and Setgid | Hunting |
Linux Composer Privilege Escalation | Sudo and Sudo Caching | Anomaly |
Linux Cpulimit Privilege Escalation | Sudo and Sudo Caching | Anomaly |
Linux Csvtool Privilege Escalation | Sudo and Sudo Caching | Anomaly |
Linux Doas Conf File Creation | Sudo and Sudo Caching | Anomaly |
Linux Doas Tool Execution | Sudo and Sudo Caching | Anomaly |
Linux Docker Privilege Escalation | Sudo and Sudo Caching | Anomaly |
Linux Edit Cron Table Parameter | Cron | Hunting |
Linux Emacs Privilege Escalation | Sudo and Sudo Caching | Anomaly |
Linux File Created In Kernel Driver Directory | Kernel Modules and Extensions | Anomaly |
Linux File Creation In Init Boot Directory | RC Scripts | Anomaly |
Linux File Creation In Profile Directory | Unix Shell Configuration Modification | Anomaly |
Linux Find Privilege Escalation | Sudo and Sudo Caching | Anomaly |
Linux GDB Privilege Escalation | Sudo and Sudo Caching | Anomaly |
Linux Gem Privilege Escalation | Sudo and Sudo Caching | Anomaly |
Linux GNU Awk Privilege Escalation | Sudo and Sudo Caching | Anomaly |
Linux Insert Kernel Module Using Insmod Utility | Kernel Modules and Extensions | Anomaly |
Linux Install Kernel Module Using Modprobe Utility | Kernel Modules and Extensions | Anomaly |
Linux Make Privilege Escalation | Sudo and Sudo Caching | Anomaly |
Linux MySQL Privilege Escalation | Sudo and Sudo Caching | Anomaly |
Linux Node Privilege Escalation | Sudo and Sudo Caching | Anomaly |
Linux NOPASSWD Entry In Sudoers File | Sudo and Sudo Caching | Anomaly |
Linux Octave Privilege Escalation | Sudo and Sudo Caching | Anomaly |
Linux OpenVPN Privilege Escalation | Sudo and Sudo Caching | Anomaly |
Linux PHP Privilege Escalation | Sudo and Sudo Caching | Anomaly |
Linux pkexec Privilege Escalation | Exploitation for Privilege Escalation | TTP |
Linux Possible Access Or Modification Of sshd Config File | SSH Authorized Keys | Anomaly |
Linux Possible Access To Credential Files | /etc/passwd and /etc/shadow | Anomaly |
Linux Possible Access To Sudoers File | Sudo and Sudo Caching | Anomaly |
Linux Possible Append Command To At Allow Config File | At | Anomaly |
Linux Possible Append Command To Profile Config File | Unix Shell Configuration Modification | Anomaly |
Linux Possible Append Cronjob Entry on Existing Cronjob File | Cron | Hunting |
Linux Possible Cronjob Modification With Editor | Cron | Hunting |
Linux Possible Ssh Key File Creation | SSH Authorized Keys | Anomaly |
Linux Preload Hijack Library Calls | Dynamic Linker Hijacking | TTP |
Linux Puppet Privilege Escalation | Sudo and Sudo Caching | Anomaly |
Linux RPM Privilege Escalation | Sudo and Sudo Caching | Anomaly |
Linux Ruby Privilege Escalation | Sudo and Sudo Caching | Anomaly |
Linux Service File Created In Systemd Directory | Systemd Timers | Anomaly |
Linux Service Restarted | Systemd Timers | Anomaly |
Linux Service Started Or Enabled | Systemd Timers | Anomaly |
Linux Setuid Using Chmod Utility | Setuid and Setgid | Anomaly |
Linux Setuid Using Setcap Utility | Setuid and Setgid | Anomaly |
Linux Shred Overwrite Command | Data Destruction | TTP |
Linux Sqlite3 Privilege Escalation | Sudo and Sudo Caching | Anomaly |
Linux Sudo OR Su Execution | Sudo and Sudo Caching | Hunting |
Linux Sudoers Tmp File Creation | Sudo and Sudo Caching | Anomaly |
Linux Visudo Utility Execution | Sudo and Sudo Caching | Anomaly |